<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Module: LoginSystem</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <meta http-equiv="Content-Script-Type" content="text/javascript" />
  <link rel="stylesheet" href=".././rdoc-style.css" type="text/css" media="screen" />
  <script type="text/javascript">
  // <![CDATA[

  function popupCode( url ) {
    window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
  }

  function toggleCode( id ) {
    if ( document.getElementById )
      elem = document.getElementById( id );
    else if ( document.all )
      elem = eval( "document.all." + id );
    else
      return false;

    elemStyle = elem.style;
    
    if ( elemStyle.display != "block" ) {
      elemStyle.display = "block"
    } else {
      elemStyle.display = "none"
    }

    return true;
  }
  
  // Make codeblocks hidden by default
  document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
  
  // ]]>
  </script>

</head>
<body>



    <div id="classHeader">
        <table class="header-table">
        <tr class="top-aligned-row">
          <td><strong>Module</strong></td>
          <td class="class-name-in-header">LoginSystem</td>
        </tr>
        <tr class="top-aligned-row">
            <td><strong>In:</strong></td>
            <td>
                <a href="../files/lib/login_system_rb.html">
                lib/login_system.rb
                </a>
        <br />
            </td>
        </tr>

        </table>
    </div>
  <!-- banner header -->

  <div id="bodyContent">



  <div id="contextContent">



   </div>

    <div id="method-list">
      <h3 class="section-bar">Methods</h3>

      <div class="name-list">
      <a href="#M000023">access_denied</a>&nbsp;&nbsp;
      <a href="#M000020">authorize?</a>&nbsp;&nbsp;
      <a href="#M000022">login_required</a>&nbsp;&nbsp;
      <a href="#M000021">protect?</a>&nbsp;&nbsp;
      <a href="#M000025">redirect_back_or_default</a>&nbsp;&nbsp;
      <a href="#M000024">store_location</a>&nbsp;&nbsp;
      </div>
    </div>

  </div>


    <!-- if includes -->

    <div id="section">





      


    <!-- if method_list -->
    <div id="methods">
      <h3 class="section-bar">Protected Instance methods</h3>

      <div id="method-M000023" class="method-detail">
        <a name="M000023"></a>

        <div class="method-heading">
          <a href="#M000023" class="method-signature">
          <span class="method-name">access_denied</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
overwrite if you want to have special behavior in case the user is not
authorized to access the current operation. the default action is to
redirect to the login screen example use : a popup window might just close
itself for instance
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000023-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000023-source">
<pre>
    <span class="ruby-comment cmt"># File lib/login_system.rb, line 67</span>
67:   <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">access_denied</span>
68:     <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">:controller=</span><span class="ruby-operator">&gt;</span><span class="ruby-value str">&quot;/account&quot;</span>, <span class="ruby-identifier">:action</span> =<span class="ruby-operator">&gt;</span><span class="ruby-value str">&quot;login&quot;</span>
69:   <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000020" class="method-detail">
        <a name="M000020"></a>

        <div class="method-heading">
          <a href="#M000020" class="method-signature">
          <span class="method-name">authorize?</span><span class="method-args">(user)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
overwrite this if you want to restrict access to only a few actions or if
you want to check if the user has the correct rights example:
</p>
<pre>
 # only allow nonbobs
 def authorize?(user)
   user.login != &quot;bob&quot;
 end
</pre>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000020-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000020-source">
<pre>
    <span class="ruby-comment cmt"># File lib/login_system.rb, line 15</span>
15:   <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">authorize?</span>(<span class="ruby-identifier">user</span>)
16:      <span class="ruby-keyword kw">true</span>
17:   <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000022" class="method-detail">
        <a name="M000022"></a>

        <div class="method-heading">
          <a href="#M000022" class="method-signature">
          <span class="method-name">login_required</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
<a href="LoginSystem.html#M000022">login_required</a> filter. add
</p>
<pre>
  before_filter :login_required
</pre>
<p>
if the controller should be under any rights management. for finer access
control you can overwrite
</p>
<pre>
  def authorize?(user)
</pre>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000022-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000022-source">
<pre>
    <span class="ruby-comment cmt"># File lib/login_system.rb, line 43</span>
43:   <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">login_required</span>
44:     
45:     <span class="ruby-keyword kw">if</span> <span class="ruby-keyword kw">not</span> <span class="ruby-identifier">protect?</span>(<span class="ruby-identifier">action_name</span>)
46:       <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">true</span>  
47:     <span class="ruby-keyword kw">end</span>
48: 
49:     <span class="ruby-keyword kw">if</span> <span class="ruby-ivar">@session</span>[<span class="ruby-value str">'user'</span>] <span class="ruby-keyword kw">and</span> <span class="ruby-identifier">authorize?</span>(<span class="ruby-ivar">@session</span>[<span class="ruby-value str">'user'</span>])
50:       <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">true</span>
51:     <span class="ruby-keyword kw">end</span>
52: 
53:     <span class="ruby-comment cmt"># store current location so that we can </span>
54:     <span class="ruby-comment cmt"># come back after the user logged in</span>
55:     <span class="ruby-identifier">store_location</span>
56:   
57:     <span class="ruby-comment cmt"># call overwriteable reaction to unauthorized access</span>
58:     <span class="ruby-identifier">access_denied</span>
59:     <span class="ruby-keyword kw">return</span> <span class="ruby-keyword kw">false</span> 
60:   <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000021" class="method-detail">
        <a name="M000021"></a>

        <div class="method-heading">
          <a href="#M000021" class="method-signature">
          <span class="method-name">protect?</span><span class="method-args">(action)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
overwrite this method if you only want to protect certain actions of the
controller example:
</p>
<pre>
 # don't protect the login and the about method
 def protect?(action)
   if ['action', 'about'].include?(action)
      return false
   else
      return true
   end
 end
</pre>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000021-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000021-source">
<pre>
    <span class="ruby-comment cmt"># File lib/login_system.rb, line 30</span>
30:   <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">protect?</span>(<span class="ruby-identifier">action</span>)
31:     <span class="ruby-keyword kw">true</span>
32:   <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000025" class="method-detail">
        <a name="M000025"></a>

        <div class="method-heading">
          <a href="#M000025" class="method-signature">
          <span class="method-name">redirect_back_or_default</span><span class="method-args">(default)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
move to the last <a href="LoginSystem.html#M000024">store_location</a> call
or to the passed default one
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000025-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000025-source">
<pre>
    <span class="ruby-comment cmt"># File lib/login_system.rb, line 78</span>
78:   <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">redirect_back_or_default</span>(<span class="ruby-identifier">default</span>)
79:     <span class="ruby-keyword kw">if</span> <span class="ruby-ivar">@session</span>[<span class="ruby-value str">'return-to'</span>].<span class="ruby-identifier">nil?</span>
80:       <span class="ruby-identifier">redirect_to</span> <span class="ruby-identifier">default</span>
81:     <span class="ruby-keyword kw">else</span>
82:       <span class="ruby-identifier">redirect_to_url</span> <span class="ruby-ivar">@session</span>[<span class="ruby-value str">'return-to'</span>]
83:       <span class="ruby-ivar">@session</span>[<span class="ruby-value str">'return-to'</span>] = <span class="ruby-keyword kw">nil</span>
84:     <span class="ruby-keyword kw">end</span>
85:   <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000024" class="method-detail">
        <a name="M000024"></a>

        <div class="method-heading">
          <a href="#M000024" class="method-signature">
          <span class="method-name">store_location</span><span class="method-args">()</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
store current uri in the session. we can return to this location by calling
return_location
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000024-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000024-source">
<pre>
    <span class="ruby-comment cmt"># File lib/login_system.rb, line 73</span>
73:   <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">store_location</span>
74:     <span class="ruby-ivar">@session</span>[<span class="ruby-value str">'return-to'</span>] = <span class="ruby-ivar">@request</span>.<span class="ruby-identifier">request_uri</span>
75:   <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>


    </div>


  </div>


<div id="validator-badges">
  <p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>

</body>
</html>